import java.sql.*;

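/**
 * Minimal JDBC example that runs a parameterised query through a {@link PreparedStatement}.
 *
 * <p>NOTE(review): {@code connection} is never assigned anywhere in this class, so
 * {@link #getResultSet(String)} throws {@link NullPointerException} until a live
 * connection is wired in.
 */
public class BasicExecuteSQL2 {
    private Connection connection = null;
    // Public, mutable and overwritten by every call; kept public for existing callers.
    public PreparedStatement preparedStatement = null;
    public ResultSet resultSet = null;

    static {
        try{
            // Load the MySQL JDBC driver class.
            Class.forName("com.mysql.cj.jdbc.Driver");
        }catch (ClassNotFoundException e){
            e.printStackTrace();
        }
    }

    //String sql = "SELECT * FROM admin WHERE username = ? AND password = ? ";
    /**
     * Prepares {@code sql}, binds the two fixed demo values and executes it as a query.
     *
     * <p>Production code must use {@link PreparedStatement} rather than {@link Statement}:
     * values bound through {@code ?} placeholders are sent as data, so they cannot turn into
     * {@code delete from tableName}, {@code truncate table tableName} or
     * {@code drop table tableName}. That protection covers bound values only. The {@code sql}
     * text itself is executed as given, so it must be a constant template and never a string
     * assembled from request data.
     *
     * <p>NOTE(review): the sample query above compares a {@code password} column directly,
     * which suggests plaintext storage; a real credential check should compare against a
     * salted password hash (bcrypt/scrypt/argon2).
     *
     * @param sql query template with two {@code ?} placeholders (a string, then an int)
     * @return the open result set, which the caller must close, or {@code null} if preparing
     *         or executing the statement failed
     */
    public ResultSet getResultSet(String sql){
        // Drop the previous call's result first; otherwise a failure below would hand the
        // caller a stale ResultSet from an earlier query.
        resultSet = null;
        PreparedStatement statement = null;
        try {
            statement = connection.prepareStatement(sql);
            preparedStatement = statement;
            statement.setString(1,"user");
            statement.setInt(2,123456);
            resultSet = statement.executeQuery();
            try {
                // The field is cleared below, so callers cannot close the statement themselves:
                // ask the driver to release it when the returned ResultSet is closed.
                statement.closeOnCompletion();
            } catch (SQLException ignored) {
                // Driver cannot do this; the statement then stays open until the connection closes.
            }
        } catch (SQLException e) {
            resultSet = null;
            if (statement != null) {
                // Nothing is returned on failure, so no caller could ever release this statement.
                try {
                    statement.close();
                } catch (SQLException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
            }
            e.printStackTrace();
        }finally {
            preparedStatement = null;
        }
        return resultSet;
    }
}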
